The NHS smartcard has become an indispensable tool for GPs but, because it is such a powerful device, having one carries a high degree of responsibility.
A smartcard authenticates who a GP or NHS employee is so that he or she can access a range of information and services vital for providing safe, high quality and timely patient care.
With so much data and clinical responsibility connected with the ownership of a smartcard, GPs and other staff should take great care of them. Make sure that the whole practice team does the same.
Here are some tips, and pitfalls to mention to colleagues at your practice.
1 Don’t share or lend it
Don’t let staff share smartcards or let colleagues borrow them. A smartcard creates an audit trail of actions that the named cardholder could be held responsible for. Accessing NHS systems using another person’s smartcard is against the law, even if the clinician ‘borrowing’ the card is authorised to have access to the information.
2 Put it somewhere safe
Encourage staff to keep smartcards safe and secure. Treat smartcards with the same care you would a credit card and make sure staff keep their passcodes secret.Remove smartcards from readers when not in use, encourage staff to log off or lock computer screens when they leave them unattended.
3 Keep the PIN private
Staff should never disclose a passcode or put it anywhere a colleague could use it – for instance, on the back of the card itself or on a sticky note next to a computer. If a user needs to write a passcode down, put it in a locked drawer, or save it on a password-protected mobile.
4 Don’t use an obvious passcode
Encourage staff to pick a passcode that others can’t guess – not 1234 or the last four digits of the card number, for example.
5 Find out how to unlock it
If a staff member locks him or herself out or forgets a passcode, unlock a smartcard using the self-service portal.
Dr Peter Short is national clinical lead for general practice at HSCIC and a GP in Buxton, Derbyshire.